We use cookies to customise content for your subscription and for analytics.If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

This is welcome news for companies that transfer personal data from both the EU and Switzerland to the United States. Since the Department of Commerce began accepting certifications under the EU-US Privacy Shield in August 2016, companies that transfer personal data from both the EU and Switzerland to the United States have had to certify under two different frameworks. However, implementation of the Swiss-US Privacy Shield will help align the obligations for Switzerland-US transfers with those of EU-US transfers. Companies can begin certifying compliance on April 12, 2017.

The Swiss-US Privacy Shield Framework replaces the US-Swiss Safe Harbor Framework, the legitimacy of which has been in question since the European Court of Justice (ECJ) determined in October 2015 that the EU-US Safe Harbor framework was invalid. Following the ECJ decision, EU and US officials announced the EU-US Privacy Shield framework in February 2016 and finalized it in July 2016.

In its press release, the Swiss Federal Council highlighted “the stricter application of data protection principles by participant companies on the one hand and the administration and supervision of the framework by the US authorities on the other” as benefits of the Swiss-US Privacy Shield. It also underscored the creation of an arbitration body and the ability of people living in Switzerland to inquire with the US Department of State as to the processing of their data by US intelligence services.

The Department of Commerce has said that the new framework “will enhance transatlantic data protection and support the continued growth of U.S.-Swiss commercial ties.” Federal Trade Commission (FTC) Chairwoman Edith Ramirez has pledged that the FTC will “continue [its] vigilant approach to enforcement of the new Framework.”